Vulnerabilities > Xfce

DATE CVE VULNERABILITY TITLE RISK
2022-11-09 CVE-2022-45062 Argument Injection or Modification vulnerability in multiple products
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.
network
low complexity
xfce debian fedoraproject CWE-88
critical
9.8
2022-06-13 CVE-2022-32278 XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server.
network
xfce debian
6.8
2021-05-11 CVE-2021-32563 Improper Control of Dynamically-Managed Code Resources vulnerability in Xfce Thunar
An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2.
network
low complexity
xfce CWE-913
critical
9.8
2019-11-14 CVE-2011-1588 Use of Externally-Controlled Format String vulnerability in multiple products
Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error.
6.8
2018-10-19 CVE-2018-18398 Out-of-bounds Read vulnerability in Xfce Thunar and Xfce
Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV.
local
xfce CWE-125
1.9
2008-01-09 CVE-2007-6532 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xfce 4.4.0/4.4.1
Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name and working directory in session management."
network
low complexity
xfce CWE-119
critical
10.0
2008-01-09 CVE-2007-6531 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xfce 4.4.0/4.4.1
Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via Launcher tooltips.
network
low complexity
xfce CWE-119
5.0